Merge pull request #6317 from MicrosoftDocs/main
12/13/2024 PM Publish
Taojunshen authored Dec 13, 2024
2 parents 65b6c07 + c4a2fb7 commit a477d29
Showing 42 changed files with 255 additions and 248 deletions.
2 changes: 1 addition & 1 deletion docs/architecture/road-to-the-cloud-migrate.md
Original file line number Diff line number Diff line change
Expand Up @@ -254,7 +254,7 @@ In the most preferred approach, you undertake projects to migrate from legacy ap

>[!NOTE]
>* Use Microsoft Entra Domain Services if the dependencies are aligned with [common deployment scenarios for Microsoft Entra Domain Services](/entra/identity/domain-services/scenarios).
>* To validate if Microsoft Entra Domain Services is a good fit, you might use tools like [Service Map in Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.ServiceMapOMS?tab=Overview) and [automatic dependency mapping with Service Map and Live Maps](https://techcommunity.microsoft.com/t5/system-center-blog/automatic-dependency-mapping-with-service-map-and-live-maps/ba-p/351867).
>* To validate if Microsoft Entra Domain Services is a good fit, you might use tools like Azure Monitor VM insights [https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview].
>* Validate that your SQL Server instantiations can be [migrated to a different domain](https://social.technet.microsoft.com/wiki/contents/articles/24960.migrating-sql-server-to-new-domain.aspx). If your SQL service is running in virtual machines, [use this guidance](/azure/azure-sql/migration-guides/virtual-machines/sql-server-to-sql-on-azure-vm-individual-databases-guide).
#### Approach 2
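Review bot: the replacement link on the added line is not valid Markdown link syntax: `[https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview]` renders as literal bracketed text rather than a hyperlink, and the repo convention elsewhere in this file is a site-relative target. Suggest `[Azure Monitor VM insights](/azure/azure-monitor/vm/vminsights-overview)`. The removed line also pointed at the dependency-mapping guidance specifically; since this bullet is about validating dependencies before choosing Domain Services, confirm the VM insights overview covers the dependency map feature or link to that page directly.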
3 changes: 1 addition & 2 deletions docs/id-governance/apps.md
Original file line number Diff line number Diff line change
Expand Up @@ -203,8 +203,6 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Claromentis](../identity/saas-apps/claromentis-tutorial.md) | ||
| [Cleanmail Swiss](../identity/saas-apps/cleanmail-swiss-provisioning-tutorial.md) || |
| [Clebex](../identity/saas-apps/clebex-provisioning-tutorial.md) |||
| [Cloud Academy - SSO](../identity/saas-apps/cloud-academy-sso-provisioning-tutorial.md) |||
| [Cloud Academy](../identity/saas-apps/cloud-academy-sso-tutorial.md) | ||
| [Cloud Service PICCO](../identity/saas-apps/cloud-service-picco-tutorial.md) | ||
| [CMD+CTRL Base Camp](../identity/saas-apps/cmd-ctrl-base-camp-tutorial.md) | ||
| [Coda](../identity/saas-apps/coda-provisioning-tutorial.md) |||
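Review bot: both Cloud Academy rows are removed, but only the provisioning tutorial target (`cloud-academy-sso-provisioning-tutorial.md`) reappears later in this diff, renamed to QA; the SSO-only row pointing at `cloud-academy-sso-tutorial.md` has no replacement. If that tutorial is still published, add a matching QA SSO row so the integration keeps its SSO entry; if it was retired, make sure a redirect exists for the old page so inbound links do not 404.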
Expand Down Expand Up @@ -624,6 +622,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Proxyclick](../identity/saas-apps/proxyclick-provisioning-tutorial.md) |||
| [PurelyHR](../identity/saas-apps/purelyhr-tutorial.md) | ||
| [pymetrics](../identity/saas-apps/pymetrics-tutorial.md) | ||
| [QA](../identity/saas-apps/cloud-academy-sso-provisioning-tutorial.md) |||
| [Qiita Team](../identity/saas-apps/qiita-team-tutorial.md) | ||
| [Qmarkets Idea & Innovation Management](../identity/saas-apps/qmarkets-idea-innovation-management-tutorial.md) | ||
| [QReserve](../identity/saas-apps/qreserve-tutorial.md) | ||
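Review bot: the new row's display name is QA but the link target is still `cloud-academy-sso-provisioning-tutorial.md`; confirm the tutorial's own title and H1 were changed to QA in the same publish so the table entry and the page agree (keeping the file name is fine for link stability). Alphabetical placement between pymetrics and Qiita Team is correct.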
Original file line number Diff line number Diff line change
Expand Up @@ -8,21 +8,21 @@ manager: amycolannino
ms.service: entra-id-governance
ms.subservice: privileged-identity-management
ms.topic: how-to
ms.date: 09/12/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.reviewer: shaunliu

---
# View activity and audit history for Azure resource roles in Privileged Identity Management

Privileged Identity Management (PIM) in Microsoft Entra ID, enables you to view activity, activations, and audit history for Azure resources roles within your organization. This includes subscriptions, resource groups, and even virtual machines. Any resource within the Microsoft Entra admin center that leverages the Azure role-based access control functionality can take advantage of the security and lifecycle management capabilities in Privileged Identity Management. If you want to retain audit data for longer than the default retention period, you can use Azure Monitor to route it to an Azure storage account. For more information, see [Archive Microsoft Entra logs to an Azure storage account](~/identity/monitoring-health/howto-archive-logs-to-storage-account.md).
Privileged Identity Management (PIM) in Microsoft Entra ID, enables you to view activity, activations, and audit history for Azure resources roles within your organization. This includes subscriptions, resource groups, and even virtual machines. Any resource within the Microsoft Entra admin center that uses the Azure role-based access control functionality can take advantage of the security and lifecycle management capabilities in Privileged Identity Management. If you want to keep audit data for longer than the default retention period, you can use Azure Monitor to route it to an Azure storage account. For more information, see [Archive Microsoft Entra logs to an Azure storage account](~/identity/monitoring-health/howto-archive-logs-to-storage-account.md).

> [!NOTE]
> If your organization has outsourced management functions to a service provider who uses [Azure Lighthouse](/azure/lighthouse/overview), role assignments authorized by that service provider won't be shown here.
## View activity and activations

To see what actions a specific user took in various resources, you can view the Azure resource activity that's associated with a given activation period.
To see the actions a specific user took in various resources, view the Azure resource activity associated with their activation period.

1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Privileged Role Administrator](~/identity/role-based-access-control/permissions-reference.md#privileged-role-administrator).

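Review bot: the rewritten intro carries over two errors from the old line: the comma in `Privileged Identity Management (PIM) in Microsoft Entra ID, enables` splits the subject from its verb, and `Azure resources roles` should be `Azure resource roles`, matching the H1. Suggest `Privileged Identity Management (PIM) in Microsoft Entra ID enables you to view activity, activations, and audit history for Azure resource roles within your organization.` The Azure Lighthouse note is a useful audit caveat; consider adding where those service-provider delegations can be reviewed instead, so readers do not conclude the assignments are unauditable.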
Expand Down Expand Up @@ -132,7 +132,7 @@ My audit enables you to view your personal role activity.

:::image type="content" source="media/azure-pim-resource-rbac/audit-event-target-type.png" alt-text="Screenshot showing how to check the target type.":::

Typically, the log event immediately above the approval event is an event for "Add member to role completed" where the **Initiated by (actor)** is the requester. In most cases, you won't need to find the requester in the approval request from an auditing perspective.
Typically, the log event immediately above the approval event is an event for **Add member to role completed** where the **Initiated by (actor)** is the requester. In most cases, you won't need to find the requester in the approval request from an auditing perspective.

## Next steps

Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id-governance
ms.topic: how-to
ms.subservice: privileged-identity-management
ms.date: 09/12/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.reviewer: ilyal
ms.custom: pim
Expand Down Expand Up @@ -41,7 +41,7 @@ When you need to take on a group membership or ownership, you can request activa

1. Select **Activate** for the eligible assignment you want to activate.

1. Depending on the group’s setting, you may be asked to provide multi-factor authentication or another form of credential.
1. Depending on the group’s setting, you may be asked to provide multifactor authentication or another form of credential.

1. If necessary, specify a custom activation start time. The membership or ownership is to be activated only after the selected time.

Expand All @@ -55,7 +55,7 @@ If the [role requires approval](pim-resource-roles-approval-workflow.md) to acti

## View the status of your requests

You can view the status of your pending requests to activate. It is important when your requests undergo approval of another person.
You can view the status of your pending requests to activate. n It is important when your requests undergo approval of another person.

1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).

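Review bot: the rewritten line introduces a typo: `requests to activate. n It is important` has a stray `n` before `It`. The second sentence is also unclear as written; suggest `You can view the status of your pending activation requests. This is useful when a request requires approval from another person.`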
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id-governance
ms.topic: conceptual
ms.subservice: privileged-identity-management
ms.date: 09/12/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.reviewer: ilyal
ms.custom: pim
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id-governance
ms.topic: how-to
ms.subservice: privileged-identity-management
ms.date: 09/12/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.custom: pim

Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ metadata:
ms.collection:
author: barclayn
ms.author: barclayn
ms.date: 09/12/2023
ms.date: 12/13/2024

# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

8 changes: 4 additions & 4 deletions docs/id-governance/privileged-identity-management/pim-apis.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id-governance
ms.subservice: privileged-identity-management
ms.topic: how-to
ms.date: 09/12/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.reviewer: shaunliu
ms.custom: pim
Expand Down Expand Up @@ -48,11 +48,11 @@ Under the `/beta/privilegedAccess` endpoint, Microsoft supported both `/aadRoles

<a name='iteration-3-current--pim-for-azure-ad-roles-groups-in-microsoft-graph-api-and-for-azure-resources-in-arm-api-'></a>

### Iteration 3 (Current) – PIM for Microsoft Entra roles, groups in Microsoft Graph API, and for Azure resources in ARM API
### Iteration 3 (Current) – PIM for Microsoft Entra roles, groups in Microsoft Graph API, and for Azure resources in Azure Resource Manager API

This is the final iteration of the PIM API. It includes:
- PIM for Microsoft Entra roles in Microsoft Graph API - Generally available.
- PIM for Azure resources in ARM API - Generally available.
- PIM for Azure resources in Azure Resource Manager API - Generally available.
- PIM for groups in Microsoft Graph API - Generally available.
- PIM alerts for Microsoft Entra roles in Microsoft Graph API - Preview.
- PIM alerts for Azure Resources in ARM API - Preview.
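Review bot: the ARM expansion is applied to the heading and to the `PIM for Azure resources` bullet but not to the unchanged `PIM alerts for Azure Resources in ARM API - Preview.` line in the same list, so the list now mixes `Azure Resource Manager API` and `ARM API`. Expand that bullet too, and lowercase `Resources` to match the bullet two lines above. Keeping the old `<a name=...>` anchor above the retitled heading is the right call, since changing the heading text changes the generated anchor.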
Expand All @@ -66,7 +66,7 @@ Having PIM for Microsoft Entra roles in Microsoft Graph API and PIM for Azure Re

### Overview of PIM API iteration 3

PIM APIs across providers (both Microsoft Graph APIs and ARM APIs) follow the same principles.
PIM APIs across providers (both Microsoft Graph APIs and Azure Resource Manager APIs) follow the same principles.

#### Assignments management
To create assignment (active or eligible), renew, extend, of update assignment (active or eligible), activate eligible assignment, deactivate eligible assignment, use resources **\*AssignmentScheduleRequest** and **\*EligibilityScheduleRequest**:
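Review bot: the wording change is fine; the unchanged context line below it has a typo worth fixing while this file is open: `renew, extend, of update assignment` should read `renew, extend, or update assignment`, and `To create assignment` reads better as `To create an assignment`.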
Expand Up @@ -7,15 +7,15 @@ manager: amycolannino
ms.service: entra-id-governance
ms.subservice: privileged-identity-management
ms.topic: how-to
ms.date: 09/12/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.custom: pim

---

# Approve or deny requests for Microsoft Entra roles in Privileged Identity Management

With Privileged Identity Management (PIM) in Microsoft Entra ID you can configure roles to require approval for activation, and choose one or multiple users or groups as delegated approvers. Delegated approvers have 24 hours to approve requests. If a request isn't approved within 24 hours, then the eligible user must re-submit a new request. The 24 hour approval time window isn't configurable.
Privileged Identity Management (PIM) in Microsoft Entra ID allows you to configure roles to require approval for activation, and choose one or multiple users or groups as delegated approvers. Delegated approvers have 24 hours to approve requests. If a request isn't approved within 24 hours, then the eligible user must re-submit a new request. The 24 hour approval time window isn't configurable.



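Review bot: the equivalent sentence in `pim-resource-roles-approval-workflow.md` is changed in this same PR from `re-submit` to `resubmit`, but here it stays `re-submit`; pick one spelling for both pages. The three blank lines after the paragraph can be collapsed to one.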
Expand All @@ -29,9 +29,9 @@ As a delegated approver, you receive an email notification when a Microsoft Entr

1. Browse to **Identity governance** > **Privileged Identity Management** > **Approve requests**.

:::image type="content" source="./media/azure-ad-pim-approval-workflow/resources-approve-pane.png" alt-text="Screenshot showing the approve requests page showing request to review Microsoft Entra roles.":::
:::image type="content" source="./media/azure-ad-pim-approval-workflow/resources-approve-pane.png" alt-text="Screenshot showing the **Approve requests** page showing request to review Microsoft Entra roles.":::

In the **Requests for role activations** section, you'll see a list of requests pending your approval.
In the **Requests for role activations** section, you can see a list of requests pending your approval.

## View pending requests using Microsoft Graph API

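Review bot: Markdown bold (`**Approve requests**`) inside `alt-text` is not rendered; the asterisks land literally in the alt attribute and are read aloud by screen readers. Keep alt text plain, for example `Screenshot of the Approve requests page listing Microsoft Entra role activation requests to review.` That also removes the doubled `showing ... showing`.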
Expand Down Expand Up @@ -96,7 +96,7 @@ GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentSche
1. Find and select the request that you want to approve. An approve or deny page appears.
2. In the **Justification** box, enter the business justification.
3. Select **Submit**. You will receive an Azure notification of your approval.
3. Select **Submit**. At this point, the system sends an Azure notification of your approval.

## Approve pending requests using Microsoft Graph API

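Review bot: the parallel page for Azure resource roles (also in this PR) rewrites the same step as `You receive an Azure notification of your approval.`, while this one becomes `At this point, the system sends an Azure notification of your approval.` Use the same wording on both pages so the two approval procedures read identically.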
Expand Down Expand Up @@ -164,7 +164,7 @@ Here's some information about workflow notifications:

- Approvers are notified by email when a request for a role is pending their review. Email notifications include a direct link to the request, where the approver can approve or deny.
- Requests are resolved by the first approver who approves or denies.
- When an approver responds to the request, all approvers are notified of the action.
- All approvers are notified when an approver responds to an approval request.
- Global Administrators and Privileged Role Administrators are notified when an approved user becomes active in their role.

>[!NOTE]
@@ -1,18 +1,16 @@
---
title: View audit log report for Microsoft Entra roles in Microsoft Entra PIM
description: Learn how to view the audit log history for Microsoft Entra roles in Microsoft Entra Privileged Identity Management (PIM).

author: barclayn
manager: amycolannino
ms.service: entra-id-governance
ms.topic: how-to
ms.subservice: privileged-identity-management
ms.date: 09/13/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.reviewer: shaunliu
ms.custom: pim


---
# View audit history for Microsoft Entra roles in Privileged Identity Management

@@ -1,13 +1,12 @@
---
title: Perform an access review of Azure resource and Microsoft Entra roles in PIM
description: Learn how to review access of Azure resource and Microsoft Entra roles in Privileged Identity Management (PIM).

author: barclayn
manager: amycolannino
ms.service: entra-id-governance
ms.topic: how-to
ms.subservice: privileged-identity-management
ms.date: 09/13/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.custom: pim

Expand All @@ -23,10 +22,10 @@ If you're at least a Privileged Role Administrator interested in access reviews,

## Approve or deny access

You can approve or deny access based on whether the user still needs access to the role. Choose **Approve** if you want them to stay in the role, or **Deny** if they don't need the access anymore. The users' assignment status won't change until the review closes and the administrator applies the results. Common scenarios in which certain denied users can't have results applied to them may include the following:
You can approve or deny access based on whether the user still needs access to the role. Choose **Approve** if you want them to stay in the role, or **Deny** if they don't need the access anymore. The users' assignment status doesn't change until the review closes and the administrator applies the results. Common scenarios in which certain denied users can't have results applied to them may include the following:

- **Reviewing members of a synced on-premises Windows AD group**: If the group is synced from an on-premises Windows AD, the group can't be managed in Microsoft Entra ID, and therefore membership can't be changed.
- **Reviewing a role with nested groups assigned**: For users who have membership through a nested group, the access review won't remove their membership to the nested group and therefore they retain access to the role being reviewed.
- **Reviewing a role with nested groups assigned**: For users who have membership through a nested group, the access review doesn't remove their membership to the nested group and therefore they retain access to the role being reviewed.
- **User not found or other errors**: These may also result in an apply result not being supported.

Follow these steps to find and complete the access review:
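Review bot: the contraction fixes are correct; one unchanged context line in this hunk still uses a nonstandard product name: `synced on-premises Windows AD group` should spell out Active Directory (`an on-premises Active Directory group`), and the same applies to `synced from an on-premises Windows AD` later in that bullet.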
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id-governance
ms.topic: how-to
ms.subservice: privileged-identity-management
ms.date: 09/14/2023
ms.date: 12/13/2024
ms.author: barclayn
ms.reviewer: shaunliu
ms.custom: pim
Expand All @@ -16,7 +16,7 @@ ms.custom: pim

# Approve or deny requests for Azure resource roles in Privileged Identity Management

Microsoft Entra Privileged Identity Management (PIM) enables you to configure roles so that they require approval for activation, and choose users or groups from your Microsoft Entra organization as delegated approvers. We recommend selecting two or more approvers for each role to reduce workload for the Privileged Role Administrator. Delegated approvers have 24 hours to approve requests. If a request isn't approved within 24 hours, then the eligible user must re-submit a new request. The 24 hour approval time window isn't configurable.
Microsoft Entra Privileged Identity Management (PIM) enables you to configure roles so that they require approval for activation, and choose users or groups from your Microsoft Entra organization as delegated approvers. We recommend selecting two or more approvers for each role to reduce workload for the Privileged Role Administrator. Delegated approvers have 24 hours to approve requests. If a request isn't approved within 24 hours, then the eligible user must resubmit a new request. The 24 hour approval time window isn't configurable.

Follow the steps in this article to approve or deny requests for Azure resource roles.

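Review bot: `resubmit a new request` is redundant; `submit a new request` or `resubmit the request` is enough. In the same sentence, `24 hour approval time window` needs a hyphen as a compound modifier: `24-hour approval time window`.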
Expand All @@ -30,7 +30,7 @@ As a delegated approver, you receive an email notification when an Azure resourc

1. Browse to **Identity governance** > **Privileged Identity Management** > **Approve requests**.

:::image type="content" source="./media/pim-resource-roles-approval-workflow/resources-approve-requests.png" alt-text="Screenshot of the Approve requests - Azure resources page showing request to review.":::
:::image type="content" source="./media/pim-resource-roles-approval-workflow/resources-approve-requests.png" alt-text="Screenshot of the **Approve requests - Azure resources page** showing request to review.":::

In the **Requests for role activations** section, you see a list of requests pending your approval.

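Review bot: same alt-text problem as on the Microsoft Entra roles approval page in this PR: `**Approve requests - Azure resources page**` puts literal asterisks into the alt attribute, and here the bold also wraps the word `page`, which is not part of the UI label. Use plain alt text such as `Screenshot of the Approve requests - Azure resources page showing a request to review.`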
Expand All @@ -39,10 +39,10 @@ As a delegated approver, you receive an email notification when an Azure resourc

1. Find and select the request that you want to approve. An approve or deny page appears.
2. In the **Justification** box, enter the business justification.
3. Select **Approve**. You will receive an Azure notification of your approval.
3. Select **Approve**. You receive an Azure notification of your approval.


## Approve pending requests using Microsoft ARM API
## Approve pending requests using Microsoft Azure Resource Manager API

>[!NOTE]
> Approval for **extend and renew** requests is currently not supported by the Microsoft ARM API
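Review bot: the heading is expanded to `Microsoft Azure Resource Manager API`, but the note directly beneath it still says `Microsoft ARM API`, so the section contradicts itself two lines later; expand it there as well. `Microsoft` is redundant in front of `Azure Resource Manager`. Changing the heading text also changes the generated anchor, so if anything links to `#approve-pending-requests-using-microsoft-arm-api`, add an `<a name=...>` before the heading the way `pim-apis.md` does in this same PR.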
0 comments on commit a477d29